Security
Headlines
HeadlinesLatestCVEs

Tag

#firefox

Ubuntu Security Notice USN-5782-2

Ubuntu Security Notice 5782-2 - USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem.

Packet Storm
Open in Source
#vulnerability#web#ubuntu#dos#firefox
CVE-2022-45995: public_bug/tenda/ax12/1 at main · bugfinder0/public_bug

There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21 _ cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE-2022-2414.

GHSA-5pq7-52mg-hr42: httparty has multipart/form-data request tampering vulnerability

### Impact I found "multipart/form-data request tampering vulnerability" caused by Content-Disposition "filename" lack of escaping in httparty. `httparty/lib/httparty/request` > `body.rb` > `def generate_multipart` https://github.com/jnunemaker/httparty/blob/4416141d37fd71bdba4f37589ec265f55aa446ce/lib/httparty/request/body.rb#L43 By exploiting this problem, the following attacks are possible * An attack that rewrites the "name" field according to the crafted file name, impersonating (overwriting) another field. * Attacks that rewrite the filename extension at the time multipart/form-data is generated by tampering with the filename For example, this vulnerability can be exploited to generate the following Content-Disposition. > Normal Request example: > normal input filename: `abc.txt` > > generated normal header in multipart/form-data > `Content-Disposition: form-data; name="avatar"; filename="abc.txt"` > Malicious Request example > malicious input filename: `overwrite_name_f...

CVE-2022-4372: Security Bulletin

The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as subscriber could exploit this as well

CVE-2022-4370: Security Bulletin

The multimedial images WordPress plugin through 1.0b does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.

CVE-2022-4360: Security Bulletin

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

CVE-2022-4359: Security Bulletin

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

CVE-2022-4352: Security Bulletin

The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]

BDWeb-Link LMS 1.11.5 SQL Injection

BDWeb-Link LMS version 1.11.5 suffers from a remote SQL injection vulnerability.